IT Security Newsletter - 8/1/2025
Microsoft catches Russian hackers targeting foreign embassies
Russian-state hackers are targeting foreign embassies in Moscow with custom malware that gets installed using adversary-in-the-middle attacks that operate at the ISP level, Microsoft warned Thursday. The campaign has been ongoing since last year. It leverages ISPs in that country, which are obligated to work on behalf of the Russian government. With the ability to control the ISP network, the threat group positions itself between a targeted embassy and the endpoints they connect to.
Florida prison email blunder exposes visitor contact info to inmates
A data breach at a Florida prison has inmates' families concerned for their welfare after their contact details were allegedly leaked to convicted criminals. An Everglades Correctional Institution (ECI) staffer sent an email to every prison inmate on July 24 containing the contact details of their fellow jailbirds' visitors, the Florida Phoenix reported. Prisoners are able to access emails via kiosks and secure tablets in the facility.
Developer survey shows trust in AI coding tools is falling as usage rises
AI tools are widely used by software developers, but those devs and their managers are still grappling with figuring out how exactly to best put the tools to use, with growing pains emerging along the way. That's the takeaway from the latest survey of 49,000 professional developers by community and information hub Stack Overflow, which itself has been heavily impacted by the addition of large language models (LLMs) to developer workflows.
DragonForce Ransom Cartel Profits Off Rivals' Demise
DragonForce, the "ransomware cartel," got a big glow up last quarter, thanks to the apparent integration of RansomHub. That's based on Check Point Research's ransomware report for Q2, which was published today and featured broader insights into the greater ransomware ecosystem. The report observed a large disappearance of prominent ransomware-as-a-service (RaaS) groups RansomHub, Babuk-Bjorka, Cactus, Lockbit, and more.
New 'Shade BIOS' Technique Beats Every Kind of Security
Researchers have developed a method for running malware in a computer's BIOS - a place where no security software can reach. At Black Hat 2025, Kazuki Matsuo, a security researcher at FFRI Security, will detail the technique he and his colleagues call "Shade BIOS." Unlike with traditional UEFI rootkits and bootkits, Shade BIOS distinguishes itself by requiring essentially zero interaction with an operating system (OS).
Security gaps still haunt shared mobile device use in healthcare
Shared mobile devices are becoming the standard in hospitals and health systems. While they offer cost savings and workflow improvements, many organizations are still struggling to manage the security risks that come with them, according to Imprivata's 2025 State of Shared Mobile Devices in Healthcare report. Shared-use devices are everywhere, and their use will only grow. 99% of respondents expect shared device programs to expand over the next two years.
40,000 WordPress websites at risk of being hijacked due to vulnerable Post SMTP plugin
Over 40,000 websites running a vulnerable version of a popular WordPress plugin could be at risk of being hijacked by hackers. The Post SMTP plugin is an add-on used by approximately 400,000 WordPress-powered websites to improve the reliability and security of their email delivery. The plugin has proven popular in part because of its marketing that presents it as a more reliable and full-featured replacement for the default email functionality built into WordPress.
Pwn2Own hacking contest pays $1 million for WhatsApp exploit
The Zero Day Initiative is offering a $1 million reward to security researchers who will demonstrate a zero-click WhatsApp exploit at its upcoming Pwn2Own Ireland 2025 hacking contest. The record bounty targets zero-click security flaws that allow code execution without user interaction on the messaging platform used by more than three billion people worldwide. Meta, alongside Synology and QNAP, is co-sponsoring the Pwn2Own Ireland 2025 competition.
AI-powered Cursor IDE vulnerable to prompt-injection attacks
A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor, and can be exploited to execute remote code with developer privileges. The security issue is now identified as CVE-2025-54135 and can be leveraged by feeding the AI agent a malicious prompt to trigger attacker-controlled commands. The Cursor integrated development environment (IDE) relies on AI agents to help developers code faster and more efficiently.
- ...in 1819, author Herman Melville ("Moby-Dick", "Bartleby, The Scrivener") is born in New York City.
- ...in 1834, slavery is abolished in the British Empire, as the prior year's Slavery Abolition Act comes into force.
- ...in 1941, the first US Army Jeep is produced.
- ...in 1981, MTV begins broadcasting in the United States. The first music video they play is "Video Killed the Radio Star", by The Buggles.